> > On average, around 15 million TLS connections are established with
> > Cloudflare per second. Upgrading each to ML-DSA would take
> > 1.8Tbps, which is 0.6% of our current total network capacity. No
> > problem so far. The question is how these extra bytes affect
> > performance.
> >
> > Back in 2021, we ran a large-scale experiment to measure the
> > impact of big post-quantum certificate chains on connections to
> > Cloudflare's network over the open Internet. There were two
> > important results. First, we saw a steep increase in the rate of
> > client and middlebox failures when we added more than 10kB to
> > existing certificate chains.
>
> Would you be willing to share some numbers around the increase in
> failures?
Details are in our 2021 blog post: https://blog.cloudflare.com/sizing-up-post-quantum-signatures/

> What do you think might've been the cause for increased
> failures at clients and middleboxes? One hypothesis I have is
> TLS-related DPI might allocate a certain buffer to capture the
> handshake, which was now being crossed.

That could well be one cause. 16MB chains are allowed by the spec, but most TLS libraries reject shorter chains. Back in 2021 I saw that OpenSSL rejected chains longer than 106kB, and Go rejects them if they're longer than 64kB. That's still well above 13kB, but there could be middleboxes that picked a shorter buffer length.

Note that this is problematic for those that only want to deploy a single certificate ("chameleon hybrids").

Best,

 Bas

> > Regards,
> > Raghu Saxena
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
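An added example, not part of the thread above, that computes the on-the-wire size of a TLS 1.3 Certificate handshake message for a chain of DER certificates and reports which of the limits discussed in the thread it crosses. The 64kB figure matches Go's crypto/tls handshake limit; the 106kB OpenSSL figure and the +10kB growth band are taken from the thread as reported, and the sample chain lengths are constructed, not real certificates.

```go
package main

import "fmt"

// Size thresholds in bytes. GoMaxHandshake is crypto/tls's maximum
// handshake message size; OpenSSLMaxChain and RiskyGrowth are the
// approximate figures reported in the thread (assumptions here).
const (
	SpecMaxCertList = 1<<24 - 1  // TLS 1.3: certificate_list<0..2^24-1>
	GoMaxHandshake  = 65536      // Go rejects handshake messages above 64kB
	OpenSSLMaxChain = 106 * 1000 // reported in the thread, approximate
	RiskyGrowth     = 10 * 1000  // failures climbed beyond +10kB in 2021
)

// TLS13CertificateMessageSize returns the size of a TLS 1.3 Certificate
// handshake message carrying DER certificates of the given lengths, with
// an empty certificate_request_context and no per-entry extensions.
func TLS13CertificateMessageSize(derLens []int) int {
	size := 4 + 1 + 3 // handshake header, context length, list length
	for _, n := range derLens {
		size += 3 + n + 2 // cert_data length, cert_data, extensions length
	}
	return size
}

// LimitsExceeded reports which thresholds a Certificate message of the
// given size crosses, including growth over a classical baseline chain.
func LimitsExceeded(size, baseline int) []string {
	var hits []string
	if size-baseline > RiskyGrowth {
		hits = append(hits, "growth>10kB")
	}
	if size > GoMaxHandshake {
		hits = append(hits, "go-64kB")
	}
	if size > OpenSSLMaxChain {
		hits = append(hits, "openssl-106kB")
	}
	if size > SpecMaxCertList {
		hits = append(hits, "spec-16MB")
	}
	return hits
}

func main() {
	// Constructed sample chains: DER lengths only, not real certificates.
	classical := []int{1500, 1200, 1000}
	pq := []int{25000, 25000, 25000}
	base := TLS13CertificateMessageSize(classical)
	fmt.Println(base, LimitsExceeded(base, base))
	s := TLS13CertificateMessageSize(pq)
	fmt.Println(s, LimitsExceeded(s, base))
}
```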